Background
Know: flow, SNMP, syslog, ASN.1, BER, prereq - TCP, SCTP
Recognize: Flow information, NetFlow

Flow info export protocols

Overview

Flow records are output by a router when it determines that a flow is finished. Each flow record contains keys that identify packets with similar flow characteristics; socket parameters are one example. In addition, each flow record can contain statistics about the flow, such as the packet count and the start/stop times.

To avoid the overhead that SNMP and syslog impose on common flow reports because of the generality of ASN.1 and BER (Basic Encoding Rules), a new flow information export protocol (IPFIX) has emerged, rather than depending on the earlier Cisco Systems NetFlow standard for traffic flow information export.

NetFlow and IPFIX

NetFlow

NetFlow was initially implemented by Cisco to collect IP traffic information, and it was described in an "informational" document (see Reference RFC 3954 for more information). Cisco Systems NetFlow Services Export Version 9 is the evolution of the flow-record format, and it forms the basis for IPFIX.

NetFlow v9 and IPFIX provide for "templates" that define what statistics are collected in a flow record. For example, a template can define the record format and the attributes of the fields within the record (such as type and length). Moreover, the template is transmitted along with the flow records: the router sends flow records to the NetFlow collector with minimal template information, so that the NetFlow collector can relate the records to the appropriate template within its cache.

Internet Protocol Flow Information Export (IPFIX)

IPFIX is an IETF protocol, based on NetFlow Version 9, which was published in January 2008. Its concern is the characteristic flow information on a transmission link, which reflects the current network status more directly and supports controlling network flows through common flow reports.
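The template cache described above, as an added example (not code from the original page or from any collector project): a minimal Python parser for the IPFIX message layout of RFC 5101 that learns templates, decodes data sets against them, and skips a data set whose template it has not yet seen instead of guessing its layout. The sample bytes, addresses and function names are constructed for illustration; options templates, template withdrawals, and enterprise-specific or variable-length fields are out of scope.

```python
import struct

def learn_templates(body, domain, cache):
    pos = 0
    while len(body) - pos >= 4:  # a shorter remainder is set padding
        tid, count = struct.unpack_from("!HH", body, pos)
        if tid < 256 or count == 0 or len(body) - pos - 4 < 4 * count:
            raise ValueError("malformed or unsupported template record")
        fields = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(count)]
        if any(ie & 0x8000 or flen in (0, 0xFFFF) for ie, flen in fields):
            raise ValueError("enterprise or variable-length field: out of scope here")
        cache[(domain, tid)] = fields  # template IDs are scoped per observation domain
        pos += 4 + 4 * count

def decode(body, fields):
    size, out = sum(flen for _, flen in fields), []
    for start in range(0, len(body) - size + 1, size):  # leftover bytes are padding
        rec, pos = {}, start
        for ie, flen in fields:
            rec[ie] = int.from_bytes(body[pos:pos + flen], "big")  # keyed by IANA element ID
            pos += flen
        out.append(rec)
    return out

def parse_message(msg, cache):  # returns (records, data set IDs skipped)
    version, length, _time, _seq, domain = struct.unpack_from("!HHIII", msg.ljust(16, b"\0"))
    if version != 10 or length < 16 or length != len(msg):  # padded short input fails here
        raise ValueError("not a well-formed IPFIX message header")
    records, skipped, off = [], [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("set length out of bounds")
        body = msg[off + 4:off + set_len]
        if set_id == 2:  # template set
            learn_templates(body, domain, cache)
        elif set_id >= 256 and (domain, set_id) in cache:
            records += decode(body, cache[(domain, set_id)])
        elif set_id >= 256:
            skipped.append(set_id)  # no template cached: never guess the record layout
        off += set_len
    return records, skipped

# Constructed sample: template 256 (src/dst IPv4, ports, protocol, packet count), one record
TEMPLATE_SET = struct.pack("!16H", 2, 32, 256, 6, 8, 4, 12, 4, 7, 2, 11, 2, 4, 1, 2, 8)
DATA_SET = struct.pack("!HHIIHHBQ", 256, 25, 0xC000020A, 0xC6336407, 51514, 443, 6, 42)

def message(domain, *sets):  # wrap constructed sets in an IPFIX message header
    return struct.pack("!HHIII", 10, 16 + sum(map(len, sets)), 0, 0, domain) + b"".join(sets)
```

Calling `parse_message(message(1, DATA_SET), {})` before the template has arrived returns no records and reports set 256 as skipped; after `TEMPLATE_SET` has been seen for the same observation domain, the same data set decodes to one record.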
RFC 5101-3, the IPFIX protocol document, specifies how IPFIX data records and templates are carried over a congestion-aware transport protocol, and it also defines how IP flow information is formatted and transferred from an IPFIX Exporting Process to a Collecting Process. The IPFIX standard gives a formal description of IPFIX information elements, including their names, types and additional semantic information.

IPFIX prefers SCTP (Stream Control Transmission Protocol) for exporting packets, in order to protect the packets from being lost so that flow records already exported can be kept track of, but UDP and TCP are also allowed for efficiency reasons. Moreover, if IPFIX is present, it will use the secure port 4740, while if IPFIX is not present, it will use the default port 4739.

See also

Corresponding TELE9752 lecture slides

References

1. Clemm: Network Management Fundamentals, Cisco Press, 2006
2. Comer: Automated Network Management Systems: Current and Future Capabilities, Pearson, 2006
3. RFC 3954 - NetFlow Version 9

Unsorted material from xxXC:

NetFlow

NetFlow is a network protocol for collecting IP traffic information, and it describes the statistical method for routed socket pairs. With the help of flow information, many network management functions can be achieved and improved, such as traffic analysis, monitoring for network planning, usage-based billing and router feature acceleration.

NetFlow has become an industry standard for traffic monitoring and is supported on various platforms. In addition to most Cisco routers, routers and switches from Juniper, Extreme and other companies also integrate this capability.

By using NetFlow services, network managers can learn about IP traffic in detail, including 'Who communicate', 'What information', 'Where', 'When' and 'IP throughout'. All of this is contained in packets, and it is obtained when the packets pass through a network observation point.